First published: Mon Oct 11 2021
Projectsend version r1295 is affected by sensitive information disclosure. Because authorization is not checked for the `ids` parameter in files-edit.php and the `id` parameter in the process.php function, a user with the uploader role can download and edit all files of users in the application.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Projectsend Projectsend | =r1295 | |
The vulnerability ID is CVE-2021-40884.
The severity of CVE-2021-40884 is high with a score of 8.1.
The affected software is Projectsend version r1295.
CVE-2021-40884 allows a user with an uploader role to download and edit all files of users in the application due to not checking authorization in certain functions.
At the moment, there is no official fix available for CVE-2021-40884. It is recommended to monitor the project's GitHub page for updates.
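The kind of server-side ownership check whose absence is described above, shown as an added example that is not Projectsend's own code: every id taken from the request is compared with the file's owner before an edit or download proceeds. The comma-separated `ids` format, the role names, the `FILE_OWNERS` table and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: file id => owning user id (stands in for a database lookup).
const FILE_OWNERS = [101 => 7, 102 => 7, 203 => 9];

/**
 * Parse a request value such as "101,102" into a list of positive integer ids.
 * Returns null when any element is not a plain decimal id, so malformed input is rejected.
 */
function parse_file_ids(string $raw): ?array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        if (!ctype_digit($part) || (int) $part === 0) {
            return null;
        }
        $ids[] = (int) $part;
    }
    return array_values(array_unique($ids));
}

/**
 * Server-side authorization for the requested ids.
 * Hypothetical role names: 'admin' may act on any existing file, 'uploader' only on files it owns.
 * Fails closed: one unknown or foreign id denies the whole request.
 */
function can_access_files(array $user, string $rawIds, array $owners = FILE_OWNERS): bool
{
    $ids = parse_file_ids($rawIds);
    if ($ids === null) {
        return false;
    }
    foreach ($ids as $id) {
        if (!array_key_exists($id, $owners)) {
            return false;
        }
        if ($user['role'] !== 'admin' && $owners[$id] !== $user['id']) {
            return false;
        }
    }
    return true;
}

$uploader = ['id' => 7, 'role' => 'uploader'];
var_dump(can_access_files($uploader, '101,102')); // both files belong to user 7
var_dump(can_access_files($uploader, '101,203')); // 203 belongs to user 9
var_dump(can_access_files($uploader, '203'));     // single id, as in a download request
```

The user record passed in must come from the authenticated session, never from a request parameter, and the same check has to run on both the edit path and the download path.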